CVE-2026-23556
9.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked.
When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Xen | oxenstored | all | affected |
Weaknesses
- CWE-281: CWE-281 Improper preservation of permissions
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2026/04/28/10
- http://xenbits.xen.org/xsa/advisory-483.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.